SEC-1492: Added SimpleAuthoritiesMapper which provides a one-to-one authority mapping with case-conversion and the addition of a "role" prefix to the authority name.
This commit is contained in:
Luke Taylor
parent
3547cfcc92
commit
5f6dab67e1
|
|
@ -0,0 +1,101 @@
|
||||||
|
package org.springframework.security.core.authority.mapping;
|
||||||
|
|
||||||
|
import org.springframework.beans.factory.InitializingBean;
|
||||||
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
|
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||||
|
import org.springframework.util.Assert;
|
||||||
|
|
||||||
|
import java.util.*;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Simple one-to-one {@code GrantedAuthoritiesMapper} which allows for case conversion of the authority name
|
||||||
|
* and the addition of a string prefix (which defaults to {@code ROLE_}).
|
||||||
|
*
|
||||||
|
* @author Luke Taylor
|
||||||
|
* @since 3.1
|
||||||
|
*/
|
||||||
|
public final class SimpleAuthorityMapper implements GrantedAuthoritiesMapper, InitializingBean {
|
||||||
|
private GrantedAuthority defaultAuthority;
|
||||||
|
private String prefix = "ROLE_";
|
||||||
|
private boolean convertToUpperCase = false;
|
||||||
|
private boolean convertToLowerCase = false;
|
||||||
|
|
||||||
|
public void afterPropertiesSet() throws Exception {
|
||||||
|
Assert.isTrue(!(convertToUpperCase && convertToLowerCase),
|
||||||
|
"Either convertToUpperCase or convertToLowerCase can be set to true, but not both");
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Creates a mapping of the supplied authorities based on the case-conversion and prefix settings.
|
||||||
|
* The mapping will be one-to-one unless duplicates are produced during the conversion. If a default
|
||||||
|
* authority has been set, this will also be assigned to each mapping.
|
||||||
|
*
|
||||||
|
* @param authorities the original authorities
|
||||||
|
*
|
||||||
|
* @return the converted set of authorities
|
||||||
|
*/
|
||||||
|
public Set<GrantedAuthority> mapAuthorities(Collection<? extends GrantedAuthority> authorities) {
|
||||||
|
HashSet<GrantedAuthority> mapped = new HashSet<GrantedAuthority>(authorities.size());
|
||||||
|
for (GrantedAuthority authority : authorities) {
|
||||||
|
mapped.add(mapAuthority(authority.getAuthority()));
|
||||||
|
}
|
||||||
|
|
||||||
|
if (defaultAuthority != null) {
|
||||||
|
mapped.add(defaultAuthority);
|
||||||
|
}
|
||||||
|
|
||||||
|
return mapped;
|
||||||
|
}
|
||||||
|
|
||||||
|
private GrantedAuthority mapAuthority(String name) {
|
||||||
|
if (convertToUpperCase) {
|
||||||
|
name = name.toUpperCase();
|
||||||
|
} else if (convertToLowerCase) {
|
||||||
|
name = name.toLowerCase();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (prefix.length() > 0 && !name.startsWith(prefix)) {
|
||||||
|
name = prefix + name;
|
||||||
|
}
|
||||||
|
|
||||||
|
return new SimpleGrantedAuthority(name);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sets the prefix which should be added to the authority name (if it doesn't already exist)
|
||||||
|
*
|
||||||
|
* @param prefix the prefix, typically to satisfy the behaviour of an {@code AccessDecisionVoter}.
|
||||||
|
*/
|
||||||
|
public void setPrefix(String prefix) {
|
||||||
|
Assert.notNull(prefix, "prefix cannot be null");
|
||||||
|
this.prefix = prefix;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Whether to convert the authority value to upper case in the mapping.
|
||||||
|
*
|
||||||
|
* @param convertToUpperCase defaults to {@code false}
|
||||||
|
*/
|
||||||
|
public void setConvertToUpperCase(boolean convertToUpperCase) {
|
||||||
|
this.convertToUpperCase = convertToUpperCase;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Whether to convert the authority value to lower case in the mapping.
|
||||||
|
*
|
||||||
|
* @param convertToLowerCase defaults to {@code false}
|
||||||
|
*/
|
||||||
|
public void setConvertToLowerCase(boolean convertToLowerCase) {
|
||||||
|
this.convertToLowerCase = convertToLowerCase;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sets a default authority to be assigned to all users
|
||||||
|
*
|
||||||
|
* @param authority the name of the authority to be assigned to all users.
|
||||||
|
*/
|
||||||
|
public void setDefaultAuthority(String authority) {
|
||||||
|
Assert.hasText(authority, "The authority name cannot be set to an empty value");
|
||||||
|
this.defaultAuthority = new SimpleGrantedAuthority(authority);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,76 @@
|
||||||
|
package org.springframework.security.core.authority.mapping;
|
||||||
|
|
||||||
|
|
||||||
|
import static org.junit.Assert.*;
|
||||||
|
|
||||||
|
import org.junit.*;
|
||||||
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
|
import org.springframework.security.core.authority.AuthorityUtils;
|
||||||
|
|
||||||
|
import java.util.*;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author Luke Taylor
|
||||||
|
*/
|
||||||
|
public class SimpleAuthoritiesMapperTests {
|
||||||
|
|
||||||
|
@Test(expected = IllegalArgumentException.class)
|
||||||
|
public void rejectsInvalidCaseConversionFlags() throws Exception {
|
||||||
|
SimpleAuthorityMapper mapper = new SimpleAuthorityMapper();
|
||||||
|
mapper.setConvertToLowerCase(true);
|
||||||
|
mapper.setConvertToUpperCase(true);
|
||||||
|
mapper.afterPropertiesSet();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void defaultPrefixIsCorrectlyApplied() {
|
||||||
|
SimpleAuthorityMapper mapper = new SimpleAuthorityMapper();
|
||||||
|
Set<String> mapped = AuthorityUtils.authorityListToSet(
|
||||||
|
mapper.mapAuthorities(AuthorityUtils.createAuthorityList("AaA", "ROLE_bbb")));
|
||||||
|
assertTrue(mapped.contains("ROLE_AaA"));
|
||||||
|
assertTrue(mapped.contains("ROLE_bbb"));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void caseIsConvertedCorrectly() {
|
||||||
|
SimpleAuthorityMapper mapper = new SimpleAuthorityMapper();
|
||||||
|
mapper.setPrefix("");
|
||||||
|
List<GrantedAuthority> toMap = AuthorityUtils.createAuthorityList("AaA", "Bbb");
|
||||||
|
Set<String> mapped = AuthorityUtils.authorityListToSet(mapper.mapAuthorities(toMap));
|
||||||
|
assertEquals(2, mapped.size());
|
||||||
|
assertTrue(mapped.contains("AaA"));
|
||||||
|
assertTrue(mapped.contains("Bbb"));
|
||||||
|
|
||||||
|
mapper.setConvertToLowerCase(true);
|
||||||
|
mapped = AuthorityUtils.authorityListToSet(mapper.mapAuthorities(toMap));
|
||||||
|
assertEquals(2, mapped.size());
|
||||||
|
assertTrue(mapped.contains("aaa"));
|
||||||
|
assertTrue(mapped.contains("bbb"));
|
||||||
|
|
||||||
|
mapper.setConvertToLowerCase(false);
|
||||||
|
mapper.setConvertToUpperCase(true);
|
||||||
|
mapped = AuthorityUtils.authorityListToSet(mapper.mapAuthorities(toMap));
|
||||||
|
assertEquals(2, mapped.size());
|
||||||
|
assertTrue(mapped.contains("AAA"));
|
||||||
|
assertTrue(mapped.contains("BBB"));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void duplicatesAreRemoved() {
|
||||||
|
SimpleAuthorityMapper mapper = new SimpleAuthorityMapper();
|
||||||
|
mapper.setConvertToUpperCase(true);
|
||||||
|
|
||||||
|
Set<String> mapped = AuthorityUtils.authorityListToSet(
|
||||||
|
mapper.mapAuthorities(AuthorityUtils.createAuthorityList("AaA", "AAA")));
|
||||||
|
assertEquals(1, mapped.size());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void defaultAuthorityIsAssignedIfSet() throws Exception {
|
||||||
|
SimpleAuthorityMapper mapper = new SimpleAuthorityMapper();
|
||||||
|
mapper.setDefaultAuthority("ROLE_USER");
|
||||||
|
Set<String> mapped = AuthorityUtils.authorityListToSet(mapper.mapAuthorities(AuthorityUtils.NO_AUTHORITIES));
|
||||||
|
assertEquals(1, mapped.size());
|
||||||
|
assertTrue(mapped.contains("ROLE_USER"));
|
||||||
|
}
|
||||||
|
}
|
||||||
Loading…
Reference in New Issue